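/**
 * Build the XML reply of the patient-information service and write the audit-log entries.
 *
 * When $errNum is 0, every row fetched from $patientInfoPrep becomes one <Patient> element
 * and one log entry; otherwise the first $errNum entries of $errMsgArr become <ERROR> elements.
 *
 * Security notes:
 *  - Every interpolated value is XML-escaped, so markup characters in stored or
 *    request-supplied data cannot change the structure of the document.
 *  - The reply carries SSN, birthday, contact and insurance fields in clear text.
 *    NOTE(review): confirm the caller has authorised the requester for every row and that
 *    the response is only served over an encrypted, non-cached channel.
 *  - $user and $target come straight from the request and are written to the log;
 *    logToDB() (defined elsewhere) must treat them as untrusted text.
 *
 * @param int|string $errNum          0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr       Error messages, indexed from 0.
 * @param object     $patientInfoPrep Executed statement exposing rowCount() and
 *                                    fetch(PDO::FETCH_ASSOC).
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $patientInfoPrep)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user = isset($_POST['u']) ? $_POST['u'] : "******";
    // The original tested $_GET['p'] but read $_GET['pat']; test the key that is actually read.
    // NOTE(review): confirm 'pat' is the intended parameter name.
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    // Element name => result-set column, in output order.
    $fields = array(
        'UserName'        => 'UserName',
        'FirstName'       => 'FirstName',
        'LastName'        => 'LastName',
        'Sex'             => 'Sex',
        'Birthday'        => 'Birthday',
        'SSN'             => 'SSN',
        'Email'           => 'Email',
        'PhoneNumber'     => 'PhoneNumber',
        'CompanyName'     => 'Company_Name',
        'PlanType'        => 'Plan_Type',
        'PlanNum'         => 'Plan_Num',
        'CoveragePercent' => 'Coverage_Percent',
        'CoPay'           => 'Co-Pay',
        'CoverageStart'   => 'Coverage-Start',
        'CoverageEnd'     => 'Coverage-End',
        'FKDoctorID'      => 'FK_DoctorID',
        'Type'            => 'Type',
        'PatientID'       => 'PK_PatientID',
        'Locked'          => 'Locked',
        'NeedApproval'    => 'NeedApproval',
    );

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<PatientCount>" . $xml($patientInfoPrep->rowCount()) . "</PatientCount>\n";
        while ($patientInfo = $patientInfoPrep->fetch(PDO::FETCH_ASSOC)) {
            $outputString .= "<Patient>";
            foreach ($fields as $tag => $column) {
                $value = isset($patientInfo[$column]) ? $patientInfo[$column] : '';
                $outputString .= "<" . $tag . ">" . $xml($value) . "</" . $tag . ">\n";
            }
            $outputString .= "</Patient>";
            // One audit entry per disclosed patient row.
            logToDB(
                $user . " access patient info for " . $target,
                isset($patientInfo['PK_member_id']) ? $patientInfo['PK_member_id'] : null,
                $user
            );
        }
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        // No member record is in scope in this function (the original consulted an
        // undefined $memberInfo), so the failure is always logged without a member id.
        logToDB($user . " failed to access user info for " . $target, null, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}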
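/**
 * Build the XML reply of the add-copay service and write one audit-log entry.
 *
 * Security notes:
 *  - $errNum and the error messages are XML-escaped before being placed in the document.
 *  - A commented-out key derivation that embedded a hard-coded secret was dropped from this
 *    block; a value that has lived in source control should be treated as exposed.
 *  - $user is the client-supplied 'u' field and is not authenticated here; logToDB()
 *    (defined elsewhere) must treat it as untrusted text.
 *
 * @param int|string $errNum    0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr Error messages, indexed from 0.
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user = isset($_POST['u']) ? $_POST['u'] : "******";

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL ADD COPAY!</RESULT>";
        logToDB($user . " successfuly registered", null, $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful registered", null, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}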
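/**
 * Build the XML reply of the update-medication service and write one audit-log entry.
 *
 * Security notes:
 *  - The original copied $_POST['med'] into the document unescaped, which let a request
 *    inject markup into the reply. It is now XML-escaped, as are $errNum and the messages.
 *  - $user is the client-supplied 'u' field and is not authenticated here; logToDB()
 *    (defined elsewhere) must treat it as untrusted text.
 *
 * @param int|string $errNum     0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array|null $memberInfo Member row; only 'PK_member_id' is read.
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user = isset($_POST['u']) ? $_POST['u'] : "******";
    $memberId = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : null;

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $medId = isset($_POST['med']) ? $_POST['med'] : '';
        $outputString .= "<MedID>" . $xml($medId) . "</MedID>";
        logToDB($user . " update medication", $memberId, $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " failed to update medication", $memberId, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}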
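/**
 * Build the generic success/error XML reply of a service and write one audit-log entry.
 *
 * Security notes:
 *  - $errNum and the error messages are XML-escaped before being placed in the document.
 *  - A commented-out key derivation that embedded a hard-coded secret was dropped from this
 *    block; a value that has lived in source control should be treated as exposed.
 *  - The logged user name is the client-supplied 'u' field and is not authenticated here;
 *    logToDB() (defined elsewhere) must treat it as untrusted text.
 *
 * @param int|string $errNum    0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr Error messages, indexed from 0.
 * @param mixed      $db        Handle passed through unchanged to logToDB().
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $db)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    // The original read $_POST['u'] unconditionally; a missing field now yields an empty name
    // instead of an undefined-index notice.
    $user = isset($_POST['u']) ? $_POST['u'] : '';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL Service</RESULT>";
        logToDB($user . " successful query", false, -1, $db);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful visit", false, -1, $db);
    }

    $outputString .= "</content>";
    return $outputString;
}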
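/**
 * Build the XML reply of the patient-medical-information service and write one audit-log entry.
 *
 * On success the medication rows ($medPrep) and condition rows ($precPrep) are rendered,
 * each section only when its statement argument is not an empty value.
 *
 * Security notes:
 *  - Every interpolated value is XML-escaped, so markup characters in stored data cannot
 *    change the structure of the document.
 *  - The reply contains medication and condition records in clear text.
 *    NOTE(review): confirm the caller has authorised the requester for this patient.
 *  - $user and $target come from the query string and are written to the log; logToDB()
 *    (defined elsewhere) must treat them as untrusted text.
 *
 * @param int|string $errNum     0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array|null $memberInfo Member row; only 'PK_member_id' is read.
 * @param mixed      $medPrep    Executed statement with rowCount()/fetch(), or '' to skip.
 * @param mixed      $precPrep   Executed statement with rowCount()/fetch(), or '' to skip.
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo, $medPrep, $precPrep)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    // Render every fetched row as <$wrapper> containing one element per $fields entry.
    $renderRows = function ($statement, $wrapper, $fields) use ($xml) {
        $chunk = '';
        while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
            $chunk .= "<" . $wrapper . ">";
            foreach ($fields as $tag => $column) {
                $value = isset($row[$column]) ? $row[$column] : '';
                $chunk .= "<" . $tag . ">" . $xml($value) . "</" . $tag . ">\n";
            }
            $chunk .= "</" . $wrapper . ">";
        }
        return $chunk;
    };

    $user = isset($_GET['u']) ? $_GET['u'] : "******";
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        if (!($medPrep == '')) {
            $outputString .= "<MEDCOUNT>" . $xml($medPrep->rowCount()) . "</MEDCOUNT>\n";
            $outputString .= $renderRows($medPrep, 'MedInfo', array(
                'MedID'      => 'PK_MedicationsID',
                'Medication' => 'Medication',
                'Dosage'     => 'Dosage',
                'StartDate'  => 'StartDate',
                'EndDate'    => 'EndDate',
            ));
        }
        if (!($precPrep == '')) {
            $outputString .= "<PRECCOUNT>" . $xml($precPrep->rowCount()) . "</PRECCOUNT>\n";
            $outputString .= $renderRows($precPrep, 'PrecInfo', array(
                'PrecID'        => 'PK_ConditionID',
                'ConditionDesc' => 'Description',
            ));
        }
        logToDB(
            $user . " access patient medical info for " . $target,
            isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : null,
            $user
        );
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        $memberId = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : null;
        logToDB($user . " failed to access patient medical info for " . $target, $memberId, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}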
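/**
 * Build the XML reply of the login service and write one audit-log entry.
 *
 * On success the reply is either a "locked" marker or the member's authentication key
 * together with profile fields taken from $memberInfo.
 *
 * Security notes:
 *  - Every interpolated value is XML-escaped, so markup characters in stored data cannot
 *    change the structure of the document.
 *  - The <key> element is the credential later requests are checked against; the response
 *    must not be cached or logged by intermediaries. NOTE(review): confirm TLS is enforced.
 *  - The user name is read from the query string ($_GET['u']), so it also ends up in
 *    web-server access logs; it is unauthenticated when used for the failure log line.
 *  - A commented-out key derivation that embedded a hard-coded secret was dropped from this
 *    block; a value that has lived in source control should be treated as exposed.
 *
 * @param int|string $errNum     0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array      $memberInfo Member row (Locked, AUTHKEY, PK_member_id, FirstName,
 *                               LastName, Type, UserName, NeedApproval, PersonalID).
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };
    // Read one column of the member row, tolerating a missing key.
    $field = function ($name) use ($memberInfo) {
        return isset($memberInfo[$name]) ? $memberInfo[$name] : null;
    };

    $user = isset($_GET['u']) ? $_GET['u'] : "******";

    // Wrap a <content> element around the entire message.
    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        if ($field('Locked') == 1) {
            // A locked profile gets a marker instead of a key.
            $outputString .= "<key>MEMBER PROFILE LOCKED</key>\n";
            logToDB($field('UserName') . " tried to login to locked account", null, $user);
        } else {
            $outputString .= "<key>" . $xml($field('AUTHKEY')) . "</key>\n";
            $outputString .= "<MemberID>" . $xml($field('PK_member_id')) . "</MemberID>\n";
            $outputString .= "<FirstName>" . $xml($field('FirstName')) . "</FirstName>\n";
            $outputString .= "<LastName>" . $xml($field('LastName')) . "</LastName>\n";
            $outputString .= "<Type>" . $xml($field('Type')) . "</Type>\n";
            $outputString .= "<UserName>" . $xml($field('UserName')) . "</UserName>\n";
            $outputString .= "<NeedApproval>" . $xml($field('NeedApproval')) . "</NeedApproval>\n";
            $outputString .= "<PersonalID>" . $xml($field('PersonalID')) . "</PersonalID>";
            logToDB($field('UserName') . " successfully logged in", $field('PK_member_id'), $user);
        }
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful login", null, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}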
/**
 * Login service: looks the caller up in the Users table and returns the XML built by
 * outputXML() (defined elsewhere), logging the outcome through logToDB().
 *
 * NOTE(review) — security findings visible in this block:
 *  - The query text is assembled by string concatenation and the visible tail
 *    (`p'] . "'"`) shows a request parameter being appended to it. Request data must never
 *    be concatenated into SQL; use a parameterised statement (PDO or mysqli prepare/bind).
 *  - The password is matched inside the SQL text (`AND Password=`), which presumably means
 *    the stored value is directly comparable to the submitted one — confirm, and move to
 *    password_hash()/password_verify().
 *  - User name and password arrive in the query string ($_GET), so they are recorded in
 *    web-server and proxy logs; credentials belong in a POST body over TLS.
 *  - The submitted password ($_GET['p']) is handed to outputXML() on success; confirm it
 *    is not echoed back in the response.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 */
function doService() {
    // $_GET['u'] is read without an isset() check.
    $user = strtoupper($_GET['u']);
    // NOTE(review): this statement is garbled in this copy (part of the string appears to
    // have been masked), so it is not valid PHP as shown and is left untouched.
    $qry = "SELECT * FROM Users WHERE UserName='******' AND Password='******'p'] . "'";
    $result = mysql_query($qry);
    // The row is fetched before the row count is checked; $result is not tested for failure.
    $member = mysql_fetch_assoc($result);
    if (mysql_numrows($result)) {
        $retVal = outputXML('1', $user, $_GET['p']);
        logToDB("Login Succeed", true, $member['PK_member_id']);
    } else {
        $retVal = outputXML('0', '', '');
        logToDB("Login Fail", false, -1);
    }
    return $retVal;
}
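/**
 * Account-information service (GET): authenticates the caller by a derived key and returns
 * either all users' information, one targeted user's, or the caller's own.
 *
 * Changes made for safety:
 *  - The presented key is compared with hash_equals() instead of `==`. Loose comparison of
 *    two hex digests is subject to PHP's numeric-string juggling and is not constant-time.
 *  - Missing or non-string request parameters no longer reach strtoupper()/the comparison.
 *  - A caller whose user row cannot be loaded is rejected before any key is derived.
 *
 * NOTE(review) — left as found because changing them would break deployed clients:
 *  - $trustedKey and $controlString are hard-coded secrets; anything committed to source
 *    control should be treated as exposed and moved to protected configuration.
 *  - The key is md5 over the stored Password column, so the stored value acts as key
 *    material; MD5 is not suitable for this. Plan a migration to a keyed MAC / session token.
 *  - The user-name literal in the query appears masked in this copy. If the real code places
 *    $user in the SQL text, it must be bound as a parameter instead.
 *  - 'targetType' and 'target' are passed to outputXML() (defined elsewhere) unvalidated;
 *    presumably targetType selects a column — restrict it to a fixed allow-list there or here.
 *  - Request values are written into the log message; logToDB() must treat them as untrusted.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @param mixed      $url         Unused in this function.
 * @param string     $method      HTTP method of the request; only 'GET' is served.
 * @param int|string $levelForAll Minimum member Type allowed to read other users' data.
 * @return mixed Whatever outputXML() returns.
 */
function doService($url, $method, $levelForAll)
{
    if ($method != 'GET') {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    // Read a query-string field as a string; absent or non-string values become ''.
    $param = function ($name) {
        return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
    };

    $user = strtoupper($param('u'));
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // No such user (or the query failed): never derive keys from an empty row.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = $param('key');

    if (!hash_equals($TRUST_KEY, $postKey)) {
        // A valid but untrusted client key gets a distinct message.
        if (hash_equals($AUTH_KEY, $postKey)) {
            return outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
        }
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    if ((int) $member['Type'] < $levelForAll) {
        // Trusted client without the elevated level: own record only.
        $retVal = outputXML('1', '', 'UserName', $user);
        logToDB($user . " accessing information for self", true, $member['PK_member_id']);
        return $retVal;
    }

    $targetType = $param('targetType');
    $target = $param('target');
    if ($targetType === '' || $target === '') {
        // Elevated caller, no filter: all users.
        $retVal = outputXML('1', '', '', '');
        logToDB($user . " accessing information for all users", true, $member['PK_member_id']);
        return $retVal;
    }

    $retVal = outputXML('1', '', $targetType, $target);
    logToDB(
        $user . " accessing information for user that has " . $targetType . " of " . $target,
        true,
        $member['PK_member_id']
    );
    return $retVal;
}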
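/**
 * Add-patient service (POST): authenticates the caller by a derived key and assigns a
 * doctor to a patient record.
 *
 * Changes made for safety:
 *  - The trailing `"<br>{$updateQry}"` debug output was removed. It sent the raw SQL text to
 *    the client on every response and referenced an undefined variable on rejected requests.
 *  - The presented key is compared with hash_equals() instead of `==`. Loose comparison of
 *    two hex digests is subject to PHP's numeric-string juggling and is not constant-time.
 *  - Missing or non-string request parameters are read as ''.
 *  - A caller whose user row cannot be loaded is rejected before any key is derived.
 *
 * NOTE(review) — left as found, to be addressed with the rest of the service:
 *  - The UPDATE is built by concatenation and relies entirely on clean() (defined
 *    elsewhere) for escaping; prefer a parameterised statement.
 *  - mysql_error() is returned to the client on failure, which discloses database details;
 *    log it server-side and return a generic message once clients tolerate the change.
 *  - The audit entry is attributed to the client-supplied 'doctorMemberID' rather than the
 *    authenticated member ($member['PK_member_id']), so the log can be mis-attributed.
 *  - Nothing here checks that the caller may reassign this particular patient.
 *  - $trustedKey and $controlString are hard-coded secrets and the key is md5 over the
 *    stored Password column; treat the secrets as exposed and plan a migration.
 *  - The user-name literal in the query appears masked in this copy. If the real code places
 *    $user in the SQL text, it must be bound as a parameter instead.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @param mixed      $url    Unused in this function.
 * @param string     $method HTTP method of the request; only "POST" is served.
 * @param int|string $level  Minimum member Type allowed to perform the update.
 * @return mixed Whatever outputXML() returns.
 */
function doService($url, $method, $level)
{
    if (strcmp($method, "POST") !== 0) {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    // Read a form field as a string; absent or non-string values become ''.
    $param = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    $user = strtoupper($param('u'));
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // No such user (or the query failed): never derive keys from an empty row.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = $param('key');

    $authorised = hash_equals($TRUST_KEY, $postKey) && (int) $member['Type'] >= $level;
    if (!$authorised) {
        if (hash_equals($AUTH_KEY, $postKey)) {
            return outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO ADD PATIENTS');
        }
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $patientID = clean($param('patientID'));
    $doctorID = clean($param('doctorID'));
    $doctorMemberID = clean($param('doctorMemberID'));

    $updateQry = "UPDATE Patient SET FK_DoctorID = '" . $doctorID . "' WHERE PK_PatientID = '" . $patientID . "'";
    if (mysql_query($updateQry)) {
        logToDB("Doctor added a patient", true, $doctorMemberID);
        return outputXML('1', "PATIENT ADDED");
    }

    return outputXML('0', mysql_error());
}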
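/**
 * Build the XML reply of the change-doctor service and write one audit-log entry.
 *
 * Security notes:
 *  - $errNum and the error messages are XML-escaped before being placed in the document.
 *  - A commented-out key derivation that embedded a hard-coded secret was dropped from this
 *    block; a value that has lived in source control should be treated as exposed.
 *  - $user is the client-supplied 'u' query parameter and is not authenticated here;
 *    logToDB() (defined elsewhere) must treat it as untrusted text.
 *
 * @param int|string $errNum     0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array|null $memberInfo Member row; only 'PK_member_id' is read.
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user = isset($_GET['u']) ? $_GET['u'] : "******";
    $myID = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : null;

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL REGISTER!</RESULT>";
        logToDB($user . " changed doctor for a patient", $myID, $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " failed to change doctor for a patient", $myID, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}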
/**
 * Build the XML reply of the change-password service: <result>, then either the new <key>
 * or the error count and error text. Also looks up the member id and logs the outcome.
 *
 * NOTE(review) — security findings visible in this block:
 *  - The lookup query is assembled by string concatenation and the visible tail
 *    (`u'] . "'"`) shows a request parameter being appended to it. Bind it as a parameter
 *    of a prepared statement instead.
 *  - $result, $key, $numError and $ErrorString are placed in the XML without escaping.
 *  - $controlString is a hard-coded secret; treat it as exposed.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @param string     $result      '1' for success; anything else is reported as failure.
 * @param string     $key         Key returned to the client on success.
 * @param int|string $numError    Error count reported on failure.
 * @param string     $ErrorString Error text reported on failure.
 * @return string The XML document.
 */
function outputXML($result, $key, $numError, $ErrorString) {
    /* @var $AUTH_KEY A key that will be used to prove authentication occurred from this service. */
    $controlString = "3p1XyTiBj01EM0360lFw";
    // $user and $pw are never assigned in this function, so this digest covers only the
    // control string; $AUTH_KEY is not used afterwards.
    $AUTH_KEY = md5($user . $pw . $controlString);
    $outputString = ''; //start empty
    $outputString .= "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><result>" . $result . "</result>\n";
    // NOTE(review): this statement is garbled in this copy (part of the string appears to
    // have been masked), so it is not valid PHP as shown and is left untouched.
    $getIDQry = "SELECT * FROM Users WHERE UserName='******'u'] . "'";
    $getIDRes = mysql_query($getIDQry);
    // Neither the query result nor the fetched row is checked before use.
    $rows = mysql_fetch_assoc($getIDRes);
    $id = $rows['PK_member_id'];
    if ($result == '1') {
        // $user is undefined here, so the log message starts with an empty name.
        logToDB($user . " changed password", true, $id);
        $outputString .= "<key>" . $key . "</key>\n";
    } else {
        $outputString .= "<numerror>" . $numError . "</numerror>\n";
        $outputString .= "<ERROR>" . $ErrorString . "</ERROR>\n";
        // NOTE(review): the failure is logged with `true` as the second argument, the same
        // value as the success path — confirm this is intended.
        logToDB($user . " failed to change password", true, $id);
    }
    $outputString .= "</content>";
    return $outputString;
}
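/**
 * Build the XML reply of the appointment-listing service and write the audit-log entries.
 *
 * When $errNum is 0, every row fetched from $patientInfoPrep becomes one <Appointment>
 * element and one log entry; otherwise the first $errNum entries of $errMsgArr become
 * <ERROR> elements.
 *
 * Security notes:
 *  - Every interpolated value is XML-escaped, so markup characters in stored data (for
 *    example a free-text appointment reason) cannot change the structure of the document.
 *  - $user and $target come straight from the request and are written to the log;
 *    logToDB() (defined elsewhere) must treat them as untrusted text.
 *  - No member record is in scope here: the original read an undefined $memberInfo, so
 *    every log entry was written without a member id. That is now explicit.
 *    NOTE(review): pass the authenticated member id in if the audit trail needs it.
 *
 * @param int|string $errNum          0 on success, otherwise the number of error messages.
 * @param array      $errMsgArr       Error messages, indexed from 0.
 * @param object     $patientInfoPrep Executed statement exposing rowCount() and
 *                                    fetch(PDO::FETCH_ASSOC).
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $patientInfoPrep)
{
    // Escape one scalar for use as XML text; non-scalars render as an empty string.
    $xml = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user = isset($_POST['u']) ? $_POST['u'] : "******";
    // The original tested $_GET['p'] but read $_GET['pat']; test the key that is actually read.
    // NOTE(review): confirm 'pat' is the intended parameter name.
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    // Element name => result-set column, in output order.
    $fields = array(
        'APPTID' => 'PK_AppID',
        'PatID'  => 'FK_PatientID',
        'REASON' => 'Reason',
        'DATE'   => 'Date',
        'TIME'   => 'Time',
        'STATUS' => 'Status',
    );

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $xml($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<APPTCOUNT>" . $xml($patientInfoPrep->rowCount()) . "</APPTCOUNT>\n";
        while ($patientInfo = $patientInfoPrep->fetch(PDO::FETCH_ASSOC)) {
            $outputString .= "<Appointment>";
            foreach ($fields as $tag => $column) {
                $value = isset($patientInfo[$column]) ? $patientInfo[$column] : '';
                $outputString .= "<" . $tag . ">" . $xml($value) . "</" . $tag . ">\n";
            }
            $outputString .= "</Appointment>";
            logToDB($user . " access patient info for " . $target, null, $user);
        }
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $message = isset($errMsgArr[$ct]) ? $errMsgArr[$ct] : '';
            $outputString .= "<ERROR>" . $xml($message) . "</ERROR>\n";
        }
        logToDB($user . " failed to access user info for " . $target, null, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}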